Several cyber-security analysts tweeted about the discovery of what was “a breach of an insecure server that allowed access to TikTok’s storage, which they believe contained personal user data”
A potential data breach in Chinese short-form video app TikTok has been discovered by cybersecurity researchers on Monday, allegedly involving up to two billion user database records.
Several cyber-security analysts tweeted about the discovery of what was “a breach of an insecure server that allowed access to TikTok’s storage, which they believe contained personal user data.”
“This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already,” tweeted BeeHive CyberSecurity.
“We’ve reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications,” it added.
To verify if the sample data is genuine or not, Troy Hunt, creator of data breach information site haveibeenpwned, posted a thread on Twitter. For him, the evidence is “so far pretty inconclusive.”
BlueHornet|AgaisntTheWest posted all the details on breached forums.
“Who would have thought that @TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?” they tweeted, posting about how easily they could download the data.
A TikTok spokesperson was quoted as saying in news reports that their security team “investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.”
Vulnerability in the TikTok app for Android that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link was just discovered by Microsoft 365 Defender Research Team.
High-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click was discovered by Microsoft.
The Chinese company has now fixed the vulnerability, which would have required several issues to be chained together to exploit.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” the tech giant said in a statement last week.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics